5335 matches found
FreeBSD-SA-20:30.ftpd
FreeBSD-SA-20:30.ftpd Security Advisory The FreeBSD Project Topic: ftpd privilege escalation via ftpchroot feature Category: core Module: ftpd Announced: 2020-09-15...
Shipt: Api Token Leaked in [shoppers.shipt.com]
A researcher reported an API key stored in source code that was part of a 3rd party knowledge base integration. The Shipt information security team immediately investigated the report and determined that the API key referenced was a legacy token that was no longer being used. While it didn't...
UBUNTU-CVE-2020-11986
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes and nearly any syntax you throw at it. Yes, it is designed to process any syntax, and the following languages are officially supported: ada,...
Mail.ru: This Github Repository Seems Leaking "nino.samokat.ru" Source Code
nino.samokat.ru promo site source code was leaked on github.com...
Daily Tracker System 1.0 - Authentication Bypass
Exploit Title: Daily Tracker System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku CVE ID: CVE-2020-24193 Date: September 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...
GHSA-77Q4-M83Q-W76V Missing Origin Validation in browserify-hmr
Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
CVE-2020-24115
In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access...
Hack-Tools - The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web Pentesters, HackTools, is a web extension facilitating your web application penetration tests. It includes cheat sheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more. With the extension you no longer...
Iran-Linked 'Newbie' Hackers Spread Dharma Ransomware Via RDP Ports
A group of 'script kiddies' tied to Iran are targeting companies worldwide with internet-facing Remote Desktop Protocol (RDP) ports and weak credentials in order to infect them with Dharma ransomware. The Dharma malware, also known as Crysis, has been distributed as a ransomware-as-a-service (RaaS) mod...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection
Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-18 Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...
CVE-2020-11733
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...
Travel Management System 1.0 SQL Injection
Exploit Title: Travel Management System v1.0 - SQLi Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec and Bobby Cooke boku Date: August 10, 2020 Vendor Homepage: https://www.projectsworld.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/travel.zip Version: 1.0 Tested...
Arbitrary file read vulnerability in zblogphp 1.5.1
Z-Blog is an open source program based on the Asp and PHP platforms. Z-Blog's back end has an arbitrary file read vulnerability; attackers can use it to obtain the site's source code...